Practical, actionable advice can directly improve ICS/OT security programs and the corporate infrastructure they support. Whether it's aligning with industry standards, boosting workforce skills, or adopting new technology, organizations need to track their progress and plan ahead. Taking steps now ensures that security strategies meet today's needs and are ready for tomorrow's challenges.
According to this year's SANS 2024 State of ICS/OT Cybersecurity report, 28% of organizations lack a dedicated ICS/OT incident response plan. While this is an improvement over previous years, the gap is still worrying, especially given the breaches and ransomware events increasingly reported in the media.
Advances in cloud adoption and security technology are promising; however, ongoing workforce development and aligning budget priorities with actual risks remain critical challenges.
Key cybersecurity controls for public-sector ICS environments that need immediate attention include:
- ICS incident response: Focus on developing and maintaining a tailored incident response plan to ensure resilience and swift recovery in ICS environments. For organizations that already have an Incident Response Plan (IRP), testing is usually done annually.
- Defensible architecture: Design and implement robust IT and ICS architectures that support visibility, segmentation, and enforcement of process communications. Technology is the largest budget category for ICS security programs. After establishing an ICS-specific incident response program built on scenarios and safety/reliability risks, organizations should deploy defensible-architecture technologies and strategies tailored to incidents that could affect the industrial process and human safety.
- ICS network visibility and monitoring: Industrial cybersecurity is evolving rapidly, and so are the capabilities of the security operations centers (SOCs) that monitor and respond to threats in ICS environments. Collecting and correlating data across the various ICS components is key to an effective ICS/OT SOC. Organizations should embed continuous network security monitoring with protocol-aware tools to gain visibility into ICS interactions and identify vulnerabilities.
- Secure remote access: Remote access has been a challenging topic across ICS/OT security programs. Unlike IT networks, ICS/OT environments must balance access requirements against potential reliability and safety impacts. These extra considerations are exacerbated by the isolated locations of many industrial sites, where on-site support is often limited. Remote access by vendors, contractors, and internal staff has increased over the past few years. COVID lockdowns did not help the situation when, for example, many vendors urgently provided their remote access tools for free. Temporary solutions, however, can create permanent risks. What was once a carefully planned activity became reactionary, making secure remote access a top critical control. Understanding remote access issues begins with recognizing and cataloging the connectivity that already exists in industrial settings. Organizations should prioritize securing remote access to ICS networks, particularly against threats arising from hybrid work structures and supply chain vulnerabilities.
- Risk-based vulnerability management: ICS/OT vulnerabilities vary in severity and exploitability. For many industrial organizations, vulnerability management does not mean "patch management": each vulnerability must be assessed for its potential impact and for the attack vector required to exploit it. Organizations should mature their management of ICS vulnerabilities around a well-defined risk framework, focusing on the vulnerabilities that could enable adversary access or disrupt operations.
Organizations must critically assess their security postures and use these findings to shape strategic plans for the future. By adopting standards-based governance, prioritizing workforce development, and embracing advanced technologies, organizations can effectively manage the complex risks facing critical infrastructure.
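The risk-based triage described under the vulnerability management control above (assess each finding by the attack vector it requires and its potential impact on the process, rather than treating every advisory as a patch task), worked through as an added Python example that is not from the post or the SANS report. The scoring weights, the `Finding` fields, the handling buckets and the sample findings are all constructed assumptions for illustration.

```python
"""Risk-based triage of ICS/OT vulnerability findings (added example, not from the post).
Weights, field names and sample findings are constructed assumptions, not real advisories."""
from dataclasses import dataclass

# Assumed exposure weight per attack vector required for exploitation (lower = harder to reach).
ATTACK_VECTOR_EXPOSURE = {"network": 1.0, "adjacent": 0.7, "local": 0.4, "physical": 0.2}
# Assumed consequence weight per potential impact on the industrial process.
IMPACT_WEIGHT = {"process_disruption": 1.0, "adversary_access": 0.8, "information": 0.3}

@dataclass
class Finding:
    asset: str
    attack_vector: str       # "network", "adjacent", "local" or "physical"
    impact: str              # what a successful exploit would give the adversary
    reachable_from_it: bool  # is the asset reachable from the IT/business network?
    safety_relevant: bool    # does the asset support a safety or reliability function?

def risk_score(f: Finding) -> float:
    """Exploitability x consequence on a 0-100 scale (assumed model)."""
    exposure = ATTACK_VECTOR_EXPOSURE[f.attack_vector]
    if f.attack_vector == "network" and not f.reachable_from_it:
        exposure *= 0.5  # segmentation reduces exposure but does not remove it
    impact = IMPACT_WEIGHT[f.impact]
    if f.safety_relevant:
        impact = min(1.0, impact + 0.2)  # a safety function always raises the consequence
    return round(100 * exposure * impact, 1)

def triage(findings):
    """Rank findings highest risk first and attach a handling bucket (asset, score, action)."""
    result = []
    for f in sorted(findings, key=risk_score, reverse=True):
        score = risk_score(f)
        if score >= 60:
            action = "remediate now or isolate"
        elif score >= 30:
            action = "compensating control now, patch at next maintenance window"
        else:
            action = "track; accept until a planned outage"
        result.append((f.asset, score, action))
    return result

# Constructed sample findings: a safety-relevant PLC, an HMI, a historian and a workstation.
SAMPLE = [
    Finding("plc-07", "network", "process_disruption", reachable_from_it=False, safety_relevant=True),
    Finding("hmi-03", "network", "adversary_access", reachable_from_it=True, safety_relevant=False),
    Finding("hist-01", "network", "information", reachable_from_it=True, safety_relevant=False),
    Finding("ews-01", "local", "information", reachable_from_it=True, safety_relevant=False),
]
```

`triage(SAMPLE)` ranks the IT-reachable HMI first (80.0, remediate now) ahead of the segmented but safety-relevant PLC (50.0), with the local-only workstation last (12.0, track); the point is that the same advisory lands in different buckets depending on reachability and process impact.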
The path forward is clear: proactive, informed, and strategic actions are essential to ensuring the security and resilience of our ICS/OT environments. With the right focus and resources, organizations can meet today's challenges and be well-prepared for the threats of tomorrow.
For more information on how we can help your organization plan a secure future, contact Andrew Fedson at [email protected].